CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-29223
https://notcve.org/view.php?id=CVE-2024-29223
12 Feb 2025 — Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01124.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-31858
https://notcve.org/view.php?id=CVE-2024-31858
12 Feb 2025 — Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01124.html • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23359 – NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23359
12 Feb 2025 — A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://nvidia.custhelp.com/app/answers/detail/a_id/5616 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-57602
https://notcve.org/view.php?id=CVE-2024-57602
12 Feb 2025 — An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. • https://hkohi.ca/vulnerability/12 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-51440
https://notcve.org/view.php?id=CVE-2024-51440
12 Feb 2025 — An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component. • https://sharedobject.blog/posts/nothing-bpf • CWE-276: Incorrect Default Permissions •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-57605
https://notcve.org/view.php?id=CVE-2024-57605
12 Feb 2025 — Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components. • https://hkohi.ca/vulnerability/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-57603
https://notcve.org/view.php?id=CVE-2024-57603
12 Feb 2025 — An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting. • https://github.com/mayswind/ezbookkeeping/issues/33 • CWE-799: Improper Control of Interaction Frequency •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-57604
https://notcve.org/view.php?id=CVE-2024-57604
12 Feb 2025 — An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. • https://github.com/mayswind/ezbookkeeping/issues/33 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2025-21373 – Windows Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21373
11 Feb 2025 — Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21373 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 7%CPEs: 26EXPL: 0CVE-2025-21418 – Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-21418
11 Feb 2025 — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418 • CWE-122: Heap-based Buffer Overflow •